Published

Window Server 2008 + TFS 2008 SP1 + SQL Server 2008 SP1 + SSL

We have been using TFS at Payvision for many years, but these days I’ve been playing again with Team Foundation Server 2008 … let’s say for fun. I wanted to install from scratch TFS 2008 single server installation, on top of Windows Server 2008 and SQL Server 2008 SP1 and, configure it to be accessed via SSL, since I got lot of fun I decided to write down all the things I needed to do to have all up and running, basically because I doubt I will be able to remember all if I need to do it again. So, here is the list with the steps:

– Step 4: Follow all the steps described in the guide to create accounts, open ports, install prerequisites…

– Step 5: If you followed all the steps, you are now probably wondering why after do the “Integrated Installation of Team Foundation Server and Service Pack 1” the installer stills complaining about not having a supported SQL Server version for TFS. If this is the case, follow this workaround. If it is not the case, it means you didn’t follow the recommendation of check for updates after install SQL Server and the SQL Server 2008 SP1 is not installed yet.

– Step 6: After complete the installation of TFS. Install the Team Explorer and check all works as expected: Create a project, bug, work items, check in, check out, reports, team site …

– Step 8: What? Really? So, when you open Team Explorer you see a red cross in the Reports, but the reports are working when you access them directly and in addition it does not happen on all computers…don’t panic, it is something with an easy solution, you need to be sure Visual Studio SP1 is installed after Team Explorer.

– Step 9: After SP1 is installed you can already access the reports from Team Explorer, you can open the Reports but … the Event Viewer shows a nice error saying that “OLE DB error: OLE DB or ODBC error: Cannot open database “TfsWarehouse” requested by the login. The login failed.; 42000.”. You need to assign the role TfsWarehouseDataReader to the user Network Service, I found the solution here and also the solution to problem 8, sorry step 8, it was pity I didn’t see problem 9 before problem 8 it would have saved me some time.

– Step 11: Great all is working now. It’s time to break it again, it’s time to configure the FQDN and SSL. To do it, you should check this guide from the Team Foundation Server global support team, probably one of the best docs I read about it, but we are not going to follow it exactly so I give hints on what/why I did different. Some are quite evident others no.

– Step 12: Before you configure the SharePoint Central Admin to have SSL required in IIS, it is important that you Configure Alternate Access Mappings in SharePoint. If you do the way around the mappings will be changed and you will not be able to open SharePoint 3.0 Central Administration.

– Step 13: When you do the step to configure the connections with TfsAdminUtil be sure to use the full url for the option /ReportServer because there is a bug that configures a wrong URL, therefore instead of “/ReportServer:https://www.site.com:port/ReportServer” you should do “/ReportServer:https://www.site.com:port/ReportServer/ReportService.asmx”. Sigh, this one really drove me crazy I wasted more time trying to figure out why all was failing than all the other steps together. So, I highly suggest you run “TfsAdminUtil ConfigureConnections /view” to get the list of urls, double check they are configured as expected and you can access them with your web browser.

– Step 14: When you configure the Report Server with “Reporting Services Configuration Manager”, instead of just adding the SSL configuration I removed also the standard http one. Even if I was able to access the report site via SSL the internal links were still pointing to the HTTP version and as I said before, I just wanted to have all via SSL.

– Step 15: You need to give permissions to the machine keys in order the user network service can access the certificate we use for SSL encryption. To do it go to \ProgramData\Microsoft\Crypto\RSA, add the user NETWORK SERVICE, and assign the permissions read and write. Be very careful with this step you don’t want to mess up anything here.

– Step 16: All seems to be done now, check all works as expected: Create a project, bug, work items, check in, check out, reports, team site … and yes all looks good…but we are not done yet, “Team Project Administration” of the Conchango template still does not work, when I try to access the page it gives me a 403 error…sigh…but I found a non related post with my error that gave me the hint to solve it. To make it work I just needed to update the registry key with the new SSL url for TFS.

– Step 17: Have fun with your fresh installation of TFS.

This is pretty much all the (extra) steps you need to know for the errors you might face during the installation. I hope this post can safe some of your time if you do something similar.